Promoting Global Cybersecurity

1
Promoting Global Cybersecurity

• Presented to ITU-T Study Group 17
• Geneva, Switzerland
• 6 October 2005

Robert Shaw ITU Internet Strategy and Policy
Advisor ITU Strategy and Policy Unit
2
Agenda

• Critical Infrastructures
• Cybersecurity Threats
• National Cybersecurity Themes
• Emerging International Cooperation Agenda in
  Promoting Global Cybersecurity
• References
• Draft WSIS Language
• Some Possible Future ITU Activities

3
Critical Infrastructures

• All countries depend on critical infrastructures
  for their national security
• Telecommunications
• Banking Financial Markets
• Health Emergency Services
• Transportation Systems
• Critical Manufacturing
• Energy and Water
• Vital Government Services

4
Cybersecurity and Critical Information
Infrastructures

• In 21st century, most critical infrastructures
  are dependent on information and communications
  systems that span the globe
• These are called Critical Information
  Infrastructures (CIIs)

5
Cybersecurity Threats

• There is continuum of threats to CIIs
• Negligent/malicious employees
• independent hackers
• professional and organized attackers
• cyberterrorism
• Evidence the threat is increasingly serious,
  global and costly

6
Cybersecurity and Critical Information
Infrastructure Protection

• Rapid growth of ICTs led to shift in perception
  of gravity of threat in the mid-1990s
• Critical information infrastructure linkage made
  to other critical infrastructure systems
• Potential of Force Multiplier effects
• During this period, a number of countries began
  an assessment of their vulnerabilities/threats
  and considered how to redress them

7
National Cybersecurity Themes

• Identification of what constitutes critical
  sectors and risk assessment
• Interagency and multi-stakeholder approach
  prevails
• Private-public partnerships identified as crucial
• Harmonization of national legal provisions to
  enhance judicial and police cooperation
• Need for cooperative international action
  identified and acknowledged

8
Emerging International Cooperation Agenda in
Promoting Global Cybersecurity
some examples.
9
Examples Promoting Global Cybersecurity

• WTSA Resolution 50 (2004) Cybersecurity
• WSIS Phase I (2003) DoP 5) Building confidence
  and security in the use of ICTs AP C5.
  Building confidence and security in the use of
  ICTs
• ITU PP Res 130 (2002) Strengthening the role of
  ITU in information and communication network
  security
• UNGA Resolutions 58/199 (2004) and 57/239
  (2002) Creation of a global culture of
  cybersecurity and protection of critical
  information infrastructure

10
ITU WSIS Thematic Meeting on Cybersecurity

• When June 28 July 1 2005
• What This conference will examine the
  recommendations in the WSIS first phases Plan of
  Action that relate to building confidence and
  security in the use of ICTs and the promotion of
  a global culture of cybersecurity
• Where ITU Headquarters, Geneva, Switzerland
• See http//www.itu.int/cybersecurity/

11
Meeting Themes

• Six Broad Themes
• information sharing of national approaches, good
  practices and guidelines
• developing watch, warning and incident response
  capabilities harmonizing
• national legal approaches and international legal
  coordination
• technical standards
• privacy, data and consumer protection
• providing assistance to developing economies.
• First day of meeting focused on countering spam
  as follow-up to 2004 Thematic Meeting on
  Countering Spam

12
Status of Cybersecurity Spam Discussions
towards WSIS Phase II

• On the road to Tunis
• See Sub-Committee A Chairs Paper on Chapter 3
  after Prepcom-3 4th Reading at
• http//www.itu.int/wsis/docs2/pc3/working/dt10rev4
  .pdf

13
WSIS Prepcom 3 19-30 Sept 2005 Cybersecurity

• Chapter Three Internet Governance, 3b) Public
  Policy Issues Related to the Use of the Internet
• We seek to build confidence and security in the
  use of ICTs by strengthening the trust framework.
  We reaffirm the necessity to further promote,
  develop and implement in cooperation with all
  stakeholders a global culture of cyber-security,
  as outlined in UNGA Resolution 57/239 and other
  relevant regional frameworks. This culture
  requires national action and increased
  international cooperation to strengthen security
  while enhancing the protection of personal
  information, privacy and data. Continued
  development of the culture of cyber-security
  should enhance access and trade and must take
  into account the level of social and economic
  development of each country and respect the
  development-oriented aspects of the Information
  Society. (Agreed)

14
WSIS Prepcom 3 19-30 Sept 2005 Cybersecurity

• Chapter Three Internet Governance, 3b) Public
  Policy Issues Related to the Use of the Internet
• We underline the importance of the prosecution
  of cybercrime, including cybercrime committed in
  one jurisdiction but having effects in another.
  We call upon governments in cooperation with
  other stakeholders to develop necessary
  legislation for the investigation and prosecution
  of cybercrime, noting existing frameworks, for
  example, UNGA Resolutions 55/63 and 56/121 on
  Combatting the criminal misuse of information
  technologies and the Council of Europe's
  Convention on Cybercrime.
• We further underline the necessity of effective
  and efficient tools and mechanisms, at national
  and international levels, to promote
  international cooperation among, inter alia, law
  enforcement agencies on cybercrime.. (Not
  Agreed)

15
WSIS Prepcom 3 19-30 Sept 2005 Spam

• Chapter Three Internet Governance, 3b) Public
  Policy Issues Related to the Use of the Internet
• We resolve to deal effectively with the
  significant and growing problem posed by spam. We
  take note of current multilateral,
  multi-stakeholder frameworks for regional and
  international cooperation on spam, for example,
  the APEC Anti-Spam Strategy, the London Action
  Plan, the Seoul Melbourne Anti-Spam Memorandum of
  Understanding and the relevant activities of the
  OECD and ITU. We call upon all stakeholders, to
  adopt a mult-pronged approach to counter spam
  that includes, inter alia, consumer and business
  education appropriate legislation, law
  enforcement authorities and tools the continued
  development of technical and self regulatory
  measures best practices and international
  cooperation. (Agreed)
• Note there is nothing in this multi-pronged
  approach that cannot be argued to apply more
  generally to promoting global cybersecurity

16
Possible Future ITU Specific Activities on
Cybersecurity

• Survey, describe and raise awareness of issues
  generally faced by national policy makers
• Development of best practices, standards,
  technical guidelines and procedures to reduce
  vulnerabilities
• National coordination mechanisms
• Appropriate national legal infrastructures
• Watch, warning and recovery capabilities
• Government/industry partnerships
• Outreach to civil society and consumers

17
Closing Remarks

• Each May 17th, ITU celebrates World
  Telecommunication Day, which celebrates ITUs
  founding in 1865 and its history of helping the
  world communicate
• Promoting Global Cybersecurity is 2006 theme
• ITU plans related awareness-raising campaign
• Formulating our ideas and welcome your input on
  how we can tie ITUs policy and technical agenda
  on cybersecurity together

18
Thank you

• International
• Telecommunication
• Union

Helping the world communicate